OpenSSL Blog

Implementing HPKE in OpenSSL 3.2


The upcoming OpenSSL 3.2 will be implementing Hybrid Public Key Encryption (HPKE) into the library.

Hybrid Public Key Encryption (HPKE) is a cryptographic protocol defined in RFC 9180 (Request for Comments) that aims to provide a flexible and secure way to perform public key encryption in various scenarios. HPKE combines the security of public key encryption with the flexibility of using different key exchange methods and encryption schemes. This protocol is designed to be used in a wide range of applications, including securing communications over the internet and other networked environments.

Implementing HPKE in OpenSSL will help ensure that your public key encryption solution is both effective and reliable for securing data in various applications and environments for the following reasons:

  • Security: HPKE is designed to offer strong security properties, such as confidentiality, authenticity, and forward secrecy. By implementing HPKE in a trusted cryptographic library like OpenSSL, you can leverage the library‚Äôs well-vetted and regularly updated cryptographic primitives and algorithms. This helps ensure that your encryption and key exchange mechanisms are robust and secure.
  • Interoperability: OpenSSL is a widely used cryptographic library with support for various cryptographic algorithms and standards. Implementing HPKE in OpenSSL allows you to interoperate with other systems, applications, and services that also use OpenSSL or comply with the same standards. This ensures that your encrypted data can be exchanged with a wide range of systems.
  • Standard Compliance: Implementing HPKE in OpenSSL can help ensure that your encryption solution adheres to industry standards and best practices. HPKE is designed as an open standard and is defined in RFC 9180. Using OpenSSL to implement HPKE means you are following a standardized approach to public key encryption.
  • Efficiency: OpenSSL is highly optimized for performance, and it offers efficient implementations of cryptographic algorithms. This efficiency is important for real-world applications, as it ensures that encryption and decryption operations can be performed with minimal impact on system performance.
  • Community and Support: OpenSSL has an active and well-established community of developers and users. This means that you can benefit from community support, documentation, and resources when implementing HPKE in OpenSSL. You can also stay up to date with security updates and patches.
  • Flexibility: OpenSSL allows you to customize and configure various aspects of your cryptographic operations. You can choose the key exchange methods, encryption algorithms, and other parameters to tailor your HPKE implementation to your specific requirements.
  • Open Source: OpenSSL is open source, which means you have access to the source code and can inspect, audit, and modify it if necessary. This transparency can provide greater confidence in the security of your implementation.
  • Performance and Optimization: OpenSSL provides options for hardware acceleration, which can significantly improve the performance of cryptographic operations. This is particularly important in applications that require high throughput and low latency.

Overall, HPKE is a versatile and secure public key encryption protocol that can be used in a wide range of applications and scenarios, providing confidentiality and authenticity for data exchanged over the internet and other networked environments. Its flexibility and support for various encryption methods make it a valuable tool in the realm of modern cryptography.

If you have any questions or comments please email us at